Re: iptables pull request

On Monday 2009-05-04 15:23, Pablo Neira Ayuso wrote:
>Jan Engelhardt wrote:
>> Please pull from:
>>         git://dev.medozas.de/iptables  master
>> 
>> to receive 1 external submission, 1 manpage completion, and 7 code
>> transformations intended for the 1.4.4 'branch'.
>
>There are several API changes in this changeset, could you justify the
>benefits of it? I think that they may break binary compatibility. I
>think that the idea was to provide a stable API for things like jamal's
>ipt, not to change it quite so often just to replace int by bool.

The benefit, though smaller here, is correctness. Note the kernel has 
received similar changes in v2.6.22-600-ge1931b7. I plan to materialize 
more thoughts into code, as 1.4.4 should be away some months (if it 
follows the usual pattern...), or at least weeks, yet.

I do not think we planned for a stable API - but feel free to ask Jamal. 
The main target was ABI, because... - I am not sure how m_ipt did it, 
but I seem to remember that despite version checks (i.e. struct 
xtables_match->version) it provided an iptables-like API that was not 
actually that from the respective iptables version. Or something.

I am not sure what m_ipt did previously w.r.t. checks, but there are now 
various mechanisms in place to ensure ABIs do not get mixed up 
erroneously:

- soversion. m_ipt now links against, say, libxtables.so.2. If the 
latter changes incompatibly, it becomes libxtables.so.3, and the 
runtime linker ld.so will take care of it -- by throwing a "file not 
found" error, or by actually loading a still-existing .so.2.

- libxtables will not load extensions that have a mismatching soversion 
string.

- lastly, we could make it so that every extension is backlinked to 
libxtables.so.$version as an added measure but I had not yet given 
thought of the impact that it causes for running iptables directly from 
the source directory.
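
[Added example, not part of the original message and not libxtables code: a sketch of the registration-time check described in the second point above, where a library refuses an extension whose embedded version string does not match its own. Every name here (demo_register, DEMO_LIB_VERSION, struct demo_ext) and the sample extensions are hypothetical.]

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the version string a library build exports. */
#define DEMO_LIB_VERSION "libdemo.so.2"
#define DEMO_VERLEN 32
#define DEMO_MAX_EXT 8

enum demo_rc { DEMO_OK = 0, DEMO_EBADVER = -1, DEMO_EDUP = -2,
               DEMO_EFULL = -3, DEMO_EINVAL = -4 };

struct demo_ext {
    const char *name;
    char version[DEMO_VERLEN]; /* fixed when the extension is compiled */
};

static const struct demo_ext *demo_registry[DEMO_MAX_EXT];
static size_t demo_count;

/* Accept an extension only if it was built against this library's ABI. */
int demo_register(const struct demo_ext *ext)
{
    size_t i;

    if (ext == NULL || ext->name == NULL)
        return DEMO_EINVAL;
    /* No terminating NUL in the field: reject instead of reading past it. */
    if (memchr(ext->version, '\0', sizeof(ext->version)) == NULL)
        return DEMO_EBADVER;
    if (strcmp(ext->version, DEMO_LIB_VERSION) != 0)
        return DEMO_EBADVER;
    for (i = 0; i < demo_count; i++)
        if (strcmp(demo_registry[i]->name, ext->name) == 0)
            return DEMO_EDUP;
    if (demo_count == DEMO_MAX_EXT)
        return DEMO_EFULL;
    demo_registry[demo_count++] = ext;
    return DEMO_OK;
}

size_t demo_registered(void) { return demo_count; }

int main(void)
{
    /* Constructed sample extensions: one current, one built for .so.1. */
    static const struct demo_ext cur = { "tcp", DEMO_LIB_VERSION };
    static const struct demo_ext old = { "udp", "libdemo.so.1" };
    int ok = demo_register(&cur) == DEMO_OK &&
             demo_register(&old) == DEMO_EBADVER;
    return ok ? 0 : 1;
}
```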
